Right, so let’s continue last post and look at getting the final audio file.
nmap -sC analytics.northpolewonderland.com gets me something very interesting, namely a .git directory, that’s accessible over http:
443/tcp open https
| Git repository found!
I can get its contents like this:
wget --no-check-certificate --mirror -I .git https://18.104.22.168/.git/
At this point I only have the git history, but no files. No problem, I can get the files as follows:
git checkout -- . restores all files from git history
Ok, time for something new now. For the past 2 years I’ve been doing (rather irregularly) security assessments. It’s quite a new thing to me, compared to the 14 years I’ve spent doing software engineering. Still I’ve already learnt a lot and got some great results and huge customer satisfaction in my security related assignments.
This year, just as last year, I took part in the SANS holiday hack challenge: https://holidayhackchallenge.com/2016/ . The SANS team spent a lot of effort creating a whole browser game, combining graphics, music, gameplay and hacking. It turned out great!
Since the challenge is over, I can now publish my writeup.
The plot of the challenge is that someone kidnapped Santa, so you have to find Santa and the villain who did it. As a starting point you get a Twitter and an Instagram handle:
Eventually you will need to find 7 mp3 audio files, which are stored on various hosts, and complete the challenges from the browser game.